
656 matches found

CNVD
added 2025/07/25 12:0 a.m., 1 view

Cisco Unified Intelligence Center Server-Side Request Forgery Vulnerability

Cisco Unified Intelligence Center is a Web-based reporting platform from Cisco, a United States company. The platform presents reports on business data and call center data. A server-side request forgery vulnerability exists in Cisco Unified Intelligence...

CVSS 5.8, AI score 6.9, EPSS 0.00323
Exploits: 0

OSV
added 2025/07/23 9:15 p.m., 2 views

UBUNTU-CVE-2025-53537

LibHTP is a security-aware parser for the HTTP protocol and its related bits and pieces. In versions 0.5.50 and below, there is a traffic-induced memory leak that can starve the process of memory, leading to loss of visibility. To work around this issue, set suricata.yaml...

CVSS 7.5, AI score 5.8, EPSS 0.0042
Exploits: 0, References: 5

OSV
added 2025/07/22 9:15 p.m., 6 views

CVE-2025-8037

Setting a nameless cookie with an equals sign in the value shadowed other cookies, even if the nameless cookie was set over HTTP and the shadowed cookie included the Secure attribute. This vulnerability affects Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...

CVSS 9.1, AI score 5.8, EPSS 0.00219
Exploits: 0, References: 5

RedHat Linux
added 2025/06/25 12:20 p.m., 4 views

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling, where an attacker tricks the system to se...

CVSS 9.1, AI score 7.1, EPSS 0.00724
Exploits: 0, References: 8

OSSF Malicious Packages
added 2025/06/25 3:46 a.m., 4 views

Malicious code in aog-checker (npm)

Malicious package due to data exfiltration via HTTPS and DNS, and a suspicious preinstall script executing code before installation. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7348f881da3fd51ab1de0082ff6538b4c7882dd76eb460e2f64cac368fadd7c7 Any computer that ha...

AI score 7.1
Exploits: 0, References: 2

CNNVD
added 2025/06/25 12:0 a.m., 2 views

Brother Industries Multiple driver installers for Windows security vulnerability

Brother Industries Multiple driver installers for Windows is driver software from Brother Industries, Japan. A security vulnerability exists in Brother Industries Multiple driver installers for Windows, which can be exploited by an unauthenticated attacker to access the /etc/mntinfo.csv path vi...

CVSS 5.3, AI score 8.1, EPSS 0.7656
Exploits: 0, References: 11

RedHat Linux
added 2025/06/17 12:8 p.m., 5 views

libsoup: Double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" GHashTable value

A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server...

CVSS 9, AI score 7.3, EPSS 0.00798
Exploits: 0, References: 5

OSV
added 2025/06/17 12:15 a.m., 3 views

CVE-2025-6146

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. This affects an unknown part of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to...

CVSS 8.7, AI score 6.4, EPSS 0.01033
Exploits: 1, References: 6

BDU FSTEC
added 2025/06/05 12:0 a.m., 5 views

The vulnerability of the Activity Guide Composer component in the PeopleSoft Enterprise CC Common Application Objects suite allows a malicious individual to gain unauthorized access to read, add, modify, or delete data.

The vulnerability of the Activity Guide Composer component, a toolset for managing and processing data in PeopleSoft Enterprise CC Common Application Objects, is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to gain unauthorized acces...

CVSS 5.5, AI score 7.6, EPSS 0.00319
Exploits: 0, References: 3, Affected Software: 1

BDU FSTEC
added 2025/06/05 12:0 a.m., 9 views

The vulnerability of the Attachments component in the iSupplier Portal application of the Oracle E-Business Suite allows a perpetrator to disclose protected information.

The vulnerability of the Attachments component in the iSupplier Portal application of the Oracle E-Business Suite is related to access control errors. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information using the HTTP protocol...

CVSS 6.8, AI score 7.1, EPSS 0.00478
Exploits: 0, References: 2, Affected Software: 2

RedhatCVE
added 2025/05/23 5:20 a.m., 3 views

CVE-2023-21984

Vulnerability in the Oracle Solaris product of Oracle Systems component: Libraries. The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Solaris. Successful attacks of this vulnerability can...

CVSS 6.5, AI score 6.1, EPSS 0.00658
Exploits: 0, References: 1

Packet Storm News
added 2025/05/20 12:0 a.m., 3 views

Streamlining HTTP Flooding Attack Detection through Incremental Feature Selection

Applications over the Web primarily rely on the HTTP protocol to transmit web pages to and from systems. There are a variety of application layer protocols, but among all, HTTP is the most targeted because of its versatility and ease of integration with online services. The attackers leverage the...

AI score 6.4
Exploits: 0

OSV
added 2025/05/13 10:15 p.m., 2 views

DEBIAN-CVE-2025-47905

Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries...

CVSS 5.4, AI score 5.9, EPSS 0.003
Exploits: 0, References: 1

OSV
added 2025/05/09 12:42 p.m., 5 views

OESA-2025-1468 cobbler security update

Cobbler is a network install server. Cobbler supports PXE, ISO virtualized installs, and re-installing existing Linux machines. The last two modes use a helper tool, 'koan', that integrates with cobbler. Cobbler's advanced features include importing distributions from DVDs and rsync mirrors,...

CVSS 9.8, AI score 7.1, EPSS 0.88482
Exploits: 1, References: 6

OSV
added 2025/05/07 10:15 p.m., 4 views

CVE-2025-41414

When an HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 8.7, AI score 5.8, EPSS 0.00352
Exploits: 0, References: 1

RedHat Linux
added 2025/05/06 3:43 p.m., 12 views

libsoup: NULL pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header

A flaw was found in libsoup, where the soup_message_headers_get_content_disposition function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function...

CVSS 7.5, AI score 7.3, EPSS 0.00694
Exploits: 0, References: 5

OSV
added 2025/04/30 11:6 a.m., 5 views

USN-7469-4 h2o vulnerability

USN-7469-1 fixed a vulnerability in Apache Traffic Server. This update provides the corresponding updates for H2O. Original advisory details: It was discovered that Apache Traffic Server exhibited poor server resource management in its HTTP/2 protocol. An attacker could possibly use this issue to...

CVSS 7.5, AI score 6.7, EPSS 0.99999
Exploits: 19, References: 2

CNNVD
added 2025/04/24 12:0 a.m., 3 views

h11 environment issue vulnerability

h11 is a small HTTP/1.1 library written from scratch in Python by the individual developer Nathaniel J. Smith. An environment issue vulnerability exists in versions of h11 prior to 0.16.0, which stems from improper parsing of line terminators and could lead to a request entrapment attack...

CVSS 9.1, AI score 7.4, EPSS 0.00522
Exploits: 0, References: 4

Tenable Nessus
added 2025/04/04 12:0 a.m., 11 views

FreeBSD : mozilla -- memory corruption (b31a4e74-109d-11f0-8195-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the b31a4e74-109d-11f0-8195-b42e991fc52e advisory. [email protected] reports: CVE-2025-1938: Memory safety bugs present in Firefox 135,...

CVSS 6.5, AI score 7.3, EPSS 0.00433
Exploits: 0, References: 7

OSV
added 2025/03/28 12:16 p.m., 9 views

CLSA-2025-1743164157 Fix CVE(s): CVE-2023-44487

SECURITY UPDATE: Denial of service - debian/patches/CVE-2023-44487.patch: Improvements to HTTP/2 overhead protection - CVE-2023-44487...

CVSS 7.5, AI score 7.1, EPSS 0.99999
Exploits: 19, References: 1